author | Bharat Mediratta <bharat@menalto.com> | 2010-01-17 16:55:48 -0800 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2010-01-17 16:55:48 -0800 |
commit | fafa7f277f0591c74bd3d162c4c39a01604b55ae (patch) | |
tree | 8a43cdf14ded427dec8407cdeaa71817163d4d31 | |
parent | bb79a1455a3f692c813f8dad6300fd7ecc6fd583 (diff) |
Remove a @todo.
-rw-r--r-- | modules/gallery/helpers/gallery_rest.php | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/modules/gallery/helpers/gallery_rest.php b/modules/gallery/helpers/gallery_rest.php
index 0de5da2b..24733f20 100644
--- a/modules/gallery/helpers/gallery_rest.php
+++ b/modules/gallery/helpers/gallery_rest.php
@@ -19,7 +19,6 @@
 */
 // @todo Add logging
-// @todo VALIDATION
 // Validation questions
 //
@@ -100,10 +99,15 @@ class gallery_rest_Core {
 access::required("edit", $item);
 $params = $request->params;
- foreach (array("captured", "description", "slug", "sort_column", "sort_order",
- "title", "view_count", "weight") as $key) {
- if (isset($params->$key)) {
- $item->$key = $params->$key;
+
+ // Only change fields from a whitelist.
+ foreach (array("album_cover_item_id", "captured", "description",
+ "height", "mime_type", "name", "parent_id", "rand_key", "resize_dirty",
+ "resize_height", "resize_width", "slug", "sort_column", "sort_order",
+ "thumb_dirty", "thumb_height", "thumb_width", "title", "view_count",
+ "weight", "width") as $key) {
+ if (array_key_exists($key, $request->params)) {
+ $item->$key = $request->params->$key;
 }
 }
 $item->save();
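Review bot: The widened whitelist in the second hunk now lets a REST caller write `parent_id` and `album_cover_item_id`, while the only authorization visible here is `access::required("edit", $item)` on the item being changed. Assigning `parent_id` moves the item, so the destination album should be authorized before the loop runs, for example `access::required("edit", ORM::factory("item", $request->params->parent_id));`, unless the item model already enforces this on save(), which this hunk does not show. Fields such as `rand_key`, `view_count`, `mime_type`, `width`/`height` and the `*_dirty` flags look server-derived, and leaving them out of the client-writable list would keep callers from desynchronizing stored metadata from the actual file. `array_key_exists()` is also applied to `$request->params`, which the next line reads as an object; `property_exists($request->params, $key)` states that intent directly. The function body starts and ends outside the hunk.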
@@ -116,22 +120,26 @@ class gallery_rest_Core {
 access::required("edit", $parent);
 $params = $request->params;
+ $item = ORM::factory("item");
 switch ($params->type) {
 case "album":
- $item = album::create(
- $parent,
- $params->name,
- isset($params->title) ? $params->title : $name,
- isset($params->description) ? $params->description : null);
+ $item->type = "album";
+ $item->parent_id = $parent->id;
+ $item->name = $params->name;
+ $item->title = isset($params->title) ? $params->title : $name;
+ $item->description = isset($params->description) ? $params->description : null;
+ $item->save();
 break;
 case "photo":
- $item = photo::create(
- $parent,
- $request->file,
- $params->name,
- isset($params->title) ? $params->title : $name,
- isset($params->description) ? $params->description : null);
+ case "movie":
+ $item->type = $params->type;
+ $item->parent_id = $parent->id;
+ $item->set_data_file($request->file);
+ $item->name = $params->name;
+ $item->title = isset($params->title) ? $params->title : $name;
+ $item->description = isset($params->description) ? $params->description : null;
+ $item->save();
 break;
 default: |
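Review bot: `$name` is never defined in the visible part of this function, so the title fallback `isset($params->title) ? $params->title : $name` in both the album branch and the photo/movie branch yields null (with a notice) rather than the item name; it should read `$item->title = isset($params->title) ? $params->title : $params->name;`. The expression was carried over from the removed `album::create()` / `photo::create()` calls, but the lines are rewritten here and keep the defect. `$params->name` is client-supplied and is now assigned straight to `$item->name` next to `set_data_file($request->file)`; whether the model rejects path separators or unexpected extensions on save() is not visible in this hunk, so a one-line comment naming where that validation lives would help the next reader. The function continues outside the hunk.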